Kemoge, or what we call ShiftyBug, is a piece of Android malware that roots a victim’s device and installs itself as a system application, making it very difficult to remove. Its end game is to install additional applications on the to the device.There are eight different exploits packed into the malware that are tailored to root that specific kind of device, the majority of which impact Samsung devices.
Are Lookout customers protected?
Lookout protects its customers from this malware. If a customer encounters Kemoge, Lookout will alert the user and recommend they don’t install the app. Lookout will then walk the person through the process of making sure the malware does not continue to download or take hold of the device.
Reports on Kemoge suggest that it may attempt to uninstall anti-malware software, such as Lookout, in order to keep itself safe from removal. Any application which exploits the device to gain root access, if successful, has free reign of the device and its operating system. This can be used in nefarious ways, such as deleting other applications on the device. However, if you have Lookout on your phone prior to downloading Kemoge, you are safe.
For those customers using our enterprise product, we will also alert IT administrators to the presence of Kemoge on devices in their workforce.
Who is affected?
We’ve watched this malware for some time and based on our research we've found it is most prevalent in:
- Great Britain
This is an Android-specific threat.
What can I do?
We consider Kemoge to be a sophisticated piece of malware. If you have Lookout installed on your device, you are protected.
Otherwise, you may need to purchase a new device or install a clean factory ROM. Unfortunately, when a piece of malware gains root access to a device, it becomes extremely difficult to remove.